NetEqualizer News Blog

Deep Packet Inspection Abuse In Iran Raises Questions About DPI Worldwide

July 10, 2009 — netequalizer

Over the past few years, we at APconnections have made our feelings about Deep Packet Inspection clear, completely abandoning the practice in our NetEqualizer technology more than two years ago. While there may be times that DPI is necessary and appropriate, its use in many cases can threaten user privacy and the open nature of the Internet. And, in extreme cases, DPI can even be used to threaten freedom of speech and expression. As we mentioned in a previous article, this is currently taking place in Iran.

Although these extreme invasions of privacy are most likely not occurring in the United States, their existence in Iran is bringing increasing attention to the slippery slope that is Deep Packet Inspection. A July 10 Huffington Post article reads:

“Before DPI becomes more widely deployed around the world and at home, the U.S. government ought to establish legitimate criteria for authorizing the use such control and surveillance technologies. The harm to privacy and the power to control the Internet are so disturbing that the threshold for using DPI must be very high.The use of DPI for commercial purposes would need to meet this high bar. But it is not clear that there is any commercial purpose that outweighs the potential harm to consumers and democracy.”

This potential harm to the privacy and rights of consumers was a major factor behind our decision to discontinue the use of DPI in any of our technology and invest in alternative means for network optimization. We hope that the ongoing controversy will be reason for others to do the same.

Posted in Commentary and Editorials. Tags: apconnections, bandwidth control, Bandwidth Management, Bandwidth Shaping, deep packet inspection, dpi, Iran, Netequalizer, packet shaping, Traffic Shaping. Leave a Comment »

Google Questions Popular Bandwidth Shaping Myth

July 8, 2009 — netequalizer

At this week’s Canadian Radio-Television and Telecommunications Commission Internet traffic hearing, Google’s Canada Policy Counsel, Jacob Glick, raised a point that we’ve been arguing for the last few years. Glick said:

“We urge you to reject as false the choice between debilitating network congestion and application-based discrimination….This is a false dichotomy. The evidence is, and experience in Canada and in the U.S. already shows, that carriers can manage their networks, reduce congestion and protect the open Internet, all at the same time.”

While we agree with Glick to a certain extent, we differ in the alternative proposed by hearing participants — simply increase bandwidth. This is not to say that increasing bandwidth isn’t the appropriate solution in certain circumstances, but to question the validity of a dichotomy with an equally narrow third alternative doesn’t exactly significantly expand the industry’s options. Especially when increasing bandwidth isn’t always a viable solution for some ISPs.

The downsides of application-based shaping are one of the main reasons behind NetEqualizer’s reliance on behavior-based shaping. Therefore, while Glick is right that the above-mentioned dichotomy doesn’t explore all of the available options, it’s important to realize that the goals being promoted at the hearing are not solely achieved through increased bandwidth.

For more on how the NetEqualizer fits into the ongoing debate, see our past article, NetEqualizer Offers Net Neutrality, User Privacy Compromise.

Posted in Uncategorized. Leave a Comment »

What NetEqualizer Users Are Saying (Updated June 2009)

June 24, 2009 — netequalizer

Editor’s Note: As NetEqualizer’s popularity has grown, more and more users have been sharing their experiences on message boards and listservs across the Internet. Just to give you an idea of what they’re saying, here a few of the reviews and discussion excerpts that have been posted online over the past several months…

Wade LeBeau – The Daily Journal Network Operations Manager

NetEqualizer is one of the most cost-effective management units on the market, and we found the unit easy to install—right out of the box. We made three setting changes to match our network using the web (browser) interface, connected the unit, and right away traffic shaping started, about 10minutes total setup time. The unit has two Ethernet ports…one port toward your user network, the other ports toward your broadband connection/server if applicable. A couple of simple clicks and you can see reporting live as it happens. In testing, we ran our unit for 30-days and saw our broadband reports stabilize and our users receiving the same slices of broadband access. With the NetEqualizer, there is no burden of extensive policies to manage….The NetEqualizer is a nice tool to add to any network of any size. Businesses can see how important the Internet is and how hungry users can be for information.

__________________________________________________________________________________________________

DSL Reports, April 2009

The Netequalizer has resulted in dramatically improved service to our customers. Most of the time, our customers are seeing their full bandwidth. The only time they don’t see it now is when they’re downloading big files. And, when they don’t see full performance, its only for the brief period that the AP is approaching saturation. The available bandwidth is re-evaluated every 2 seconds, so the throttling periods are often brief.

Bottom line to this is that we can deliver significantly more data through the same AP. The customers hitting web pages, checking e-mail, etc. virtually always see full bandwidth, and the hogs don’t impact these customers. Even the hogs see better performance (although that wasn’t one of my priorities).

Click here to read more.

Posted in Uncategorized. Leave a Comment »

What Is Deep Packet Inspection and Why the Controversy?

June 22, 2009 — netequalizer

By Art Reisman

Editor’s note: Art Reisman is the CTO of APconnections. APconnections designs and manufactures the popular NetEqualizer bandwidth shaper. APconnections removed all Deep Packet Inspection technology from their NetEqualizer product over 2 years ago.

As the debate over Deep Packet Inspection continues, network administrators are often faced with a difficult decision: ensure network quality or protect user privacy. However, the legality of the practice is now being called into question, adding a new twist to the mix. Yet, for many Internet users, Deep Packet Inspection continues to be an ambiguous term in need of explanation. In the discussion that follows, Deep Packet Inspection will be explored in the context of the ongoing debate.

Exactly what is Deep Packet Inspection?

All traffic on the Internet travels around in what is called an IP packet. An IP packet is a string of characters moving from computer A to computer B. On the outside of this packet is the address where it is being sent. On the inside of the packet is the data that is being transmitted.

The string of characters on the inside of the packet can be conceptually thought of as the “payload,” much like the freight inside of a railroad car. These two elements, the address and the payload, comprise the complete IP packet.

When you send an e-mail across the Internet, all your text is bundled into packets and sent on to its destination. A Deep Packet Inspection device literally has the ability to look inside those packets and read your e-mail (or whatever the content might be).

Products sold that use DPI are essentially specialized snooping devices that examine the content (pay load inside) of Internet packets. Other terms sometimes used to describe techniques that examine Internet data are packet shapers, layer-7 traffic shaping, etc.

Why do some Internet Providers use Deep Packet Inspection devices?

There are several reasons:

1) Targeted advertising – If a provider knows what you are reading, they can display content advertising on the pages they control, such as your login screen or e-mail account.

2) Reducing “unwanted” traffic — Many providers are getting overwhelmed by types of traffic that they deem as less desirable such as Bittorrent and other forms of peer-to-peer. Bittorrent traffic can overwhelm a network with volume. By detecting and redirecting the Bittorrent traffic, or slowing it down, a provider can alleviate congestion.

3) Block offensive material — Many companies or institutions that perform content filtering are looking inside packets to find, and possibly block, offensive material or web sites.

4) Government spying — In the case of Iran (and to some extent China), DPI is used to keep tabs on the local population.

When is it appropriate to use Deep Packet Inspection?

1) Full disclosure — Private companies/institutions/ISPs that notify employees that their Internet use is not considered private have the right to snoop, although I would argue that creating an atmosphere of mistrust is not the mark of a healthy company.

2) Law enforcement — Law enforcement agencies with a warrant issued by a judge would be the other legitimate use.

What is all the fuss about?

It seems that consumers are finally becoming aware of what is going on behind the scenes as they surf the Internet, and they don’t like it.

In this quote from Paul Stephens (of the Privacy Rights Clearinghouse), the message seems to be that his organization is focusing on the content advertising industry for now. Targeted advertising is certainly a great tool for marketers, but Mr. Stephens’ group believes this is a violation of federal law and has opened a class action suit against a company called NuBead and several other entities.

Not that we condone other forms of online snooping, but deep packet inspection is the most egregious and aggressive invasion of privacy out there….It crosses the line in a way that is very frightening.

– Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse, as quoted in the E-Commerce Times on November 14, 2008. Read the full article here.

Recently, Comcast had their hand slapped for re-directing Bittorrent traffic:

Speaking at the Stanford Law School Center for Internet and Society, FCC Chairman Kevin Martin said he’s considering taking action against the cable operator for violating the agency’s network-neutrality principles. Seems Martin was troubled by Comcast’s dissembling around the BitTorrent issue, not to mention its efforts to pack an FCC hearing on Net neutrality with its own employees.

– Digital Daily, March 10, 2008. Read the full article here.

Later in 2008, the FCC came down hard on Comcast.

In a landmark ruling, the Federal Communications Commission has ordered Comcast to stop its controversial practice of throttling file sharing traffic.

By a 3-2 vote, the commission on Friday concluded that Comcast monitored the content of its customers’ internet connections and selectively blocked peer-to-peer connections.

– Wired.com, August 1, 2008. Read the full article here.

To top everything off, some legal experts are warning companies practicing deep packet inspection that they may be committing a felony.

University of Colorado law professor Paul Ohm, a former federal computer crimes prosecutor, argues that ISPs such as Comcast, AT&T and Charter Communications that are or are contemplating ways to throttle bandwidth, police for copyright violations and serve targeted ads by examining their customers’ internet packets are putting themselves in criminal and civil jeopardy.

– Wired.com, May 22, 2008. Read the full article here.

However, it looks like things are going the other way in the U.K. as Britain’s Virgin Media has announced they are dumping net neutrality in favor of targeting bittorrent.

The UK’s second largest ISP, Virgin Media, will next year introduce network monitoring technology to specifically target and restrict BitTorrent traffic, its boss has told The Register.

– The Register, December 16, 2008. Read the full article here.

While the debate over deep packet inspection will likely rage on for years to come, APconnections made the decision to fully abandon the practice over two years ago, having since proved the viability of alternative approaches to network optimization. Network quality and user privacy are no longer mutually exclusive goals.

Canadian ISPs confess in mass to deep packet inspection Jan 22 2009 article from techspot

Posted in News. Tags: bandwidth controller, deep packet inspection, dpi, layer 7 shaping, net neutrality, Netequalizer, packet shaping, spy deep packet inspection, spying with dpi, virgin media. 4 Comments »

NetEqualizer Field Guide to Network Capacity Planning

June 21, 2009 — netequalizer

I recently reviewed an article that covered bandwidth allocations for various Internet applications. Although the information was accurate, it was very high level and did not cover the many variances that affect bandwidth consumption. Below, I’ll break many of these variances down, discussing not only how much bandwidth different applications consume, but the ranges of bandwidth consumption, including ping times and gaming, as well as how our own network optimization technology measures bandwidth consumption.

E-mail

Some bandwidth planning guides make simple assumptions and provide a single number for E-mail capacity planning, oftentimes overstating the average consumption. However, this usually doesn’t provide an accurate assessment. Let’s consider a couple of different types of E-mail.

E-mail — Text

Most E-mail text messages are at most a paragraph or two of text. On the scale of bandwidth consumption, this is negligible.

However, it is important to note that when we talk about the bandwidth consumption of different kinds of applications, there is an element of time to consider — How long will this application be running for? So, for example, you might send two kilobytes of E-mail over a link and it may roll out at the rate of one megabit. A 300-word, text-only E-mail can and will consume one megabit of bandwidth. The catch is that it generally lasts just a fraction of second at this rate. So, how would you capacity plan for heavy sustained E-mail usage on your network?

When computing bandwidth rates for classification with a commercial bandwidth controller such as a NetEqualizer, the industry practice is to average the bandwidth consumption for several seconds, and then calculate the rate in units of kilobytes per second (Kbs).

For example, when a two kilobyte file (a very small E-mail, for example) is sent over a link for a fraction of a second, you could say that this E-mail consumed two megabits of bandwidth. For the capacity planner, this would be a little misleading since the duration of the transaction was so short. If you take this transaction average over a couple of seconds, the transfer rate would be just one kbs, which for practical purposes, is equivalent to zero.

E-mail with Picture Attachments

A normal text E-mail of a few thousand bytes can quickly become 10 megabits of data with a few picture attachments. Although it may not look all the big on your screen, this type of E-mail can suck up some serious bandwidth when being transmitted. In fact, left unmolested, this type of transfer will take as much bandwidth as is available in transit. On a T1 circuit, a 10-megabit E-mail attachment may bring the line to a standstill for as long as six seconds or more. If you were talking on a Skype call while somebody at the same time shoots a picture E-mail to a friend, your Skype call is most likely going to break up for five seconds or so. It is for this reason that many network operators on shared networks deploy some form of bandwidth contorl or QoS as most would agree an E-mail attachment should not take priority over a live phone call.

E-mail with PDf Attachment

As a rule, PDF files are not as large as picture attachments when it comes to E-mail traffic. An average PDF file runs in the range of 200 thousand bytes whereas today’s higher resolution digital cameras create pictures of a few million bytes, or roughly 10 times larger. On a T1 circuit, the average bandwidth of the PDF file over a few seconds will be around 100kbs, which leaves plenty of room for other activities. The exception would be the 20-page manual which would be crashing your entire T1 for a few seconds just as the large picture attachments referred to above would do.

Gaming/World of Warcraft

There are quite a few blogs that talk about how well World of Warcraft runs on DSL, cable, etc., but most are missing the point about this game and games in general and their actual bandwidth requirements. Most gamers know that ping times are important, but what exactly is the correlation between network speed and ping time?

The problem with just measuring speed is that most speed tests start a stream of packets from a server of some kind to your home computer, perhaps a 20-megabit test file. The test starts (and a timer is started) and the file is sent. When the last byte arrives, a timer is stopped. The amount of data sent over the elapsed seconds yields the speed of the link. So far so good, but a fast speed in this type of test does not mean you have a fast ping time. Here is why.

Most p0eople know that if you are talking to an astronaut on the moon there is a delay of several seconds with each transmission. So, even though the speed of the link is the speed of light for practical purposes, the data arrives several seconds later. Well, the same is true for the Internet. The data may be arriving at a rate of 10 megabits, but the time it takes in transit could be as high as 1 second. Hence, your ping time (your mouse click to fire your gun) does not show up at the controlling server until a full second has elapsed. In a quick draw gun battle, this could be fatal.

So, what affects ping times?

The most common cause would be a saturated network. This is when your network transmission rates of all data on your Internet link exceed the links rated capacity. Some links like a T1 just start dropping packets when full as there is no orderly line to send out waiting packets. In many cases, data that arrive to go out of your router when the link is filled just get tossed. This would be like killing off excess people waiting at a ticket window or something. Not very pleasant.

If your router is smart, it will try to buffer the excess packets and they will arrive late. Also, if the only thing running on your network is World of Warcraft, you can actually get by with 120kbs in many cases since the amount of data actually sent of over the network is not that large. Again, the ping time is more important and a 120kbs link unencumbered should have ping times faster than a human reflex.

There may also be some inherent delay in your Internet link beyond your control. For example, all satellite links, no matter how fast the data speed, have a minimum delay of around 300 milliseconds. Most urban operators do not need to use satellite links, but they all have some delay. Network delay will vary depending on the equipment your provider has in their network, and also how and where they connect up to other providers as well as the amount of hops your data will take. To test your current ping time, you can run a ping command from a standard Windows machine

Citrix

Applications vary widely in the amount of bandwidth consumed. Most mission critical applications using Citrix are fairly lightweight.

YouTube Video — Standard Video

A sustained YouTube video will consume about 500kbs on average over the video’s 10-minute duration. Most video players try to store the video up locally as fast as they can take it. This is important to know because if you are sizing a T1 to be shared by voice phones, theoretically, if a user was watching a YouTube video, you would have 1 -megabit left over for the voice traffic. Right? Well, in reality, your video player will most likely take the full T1, or close to it, if it can while buffering YouTube.

YouTube — HD Video

On average, YouTube HD consumes close to 1 megabit.

See these other Youtube articles for more specifics about YouTube consumption

Skype/VoIP Calls

The amount of bandwidth you need to plan for a VoIP network is a hot topic. The bottom line is that VoIP calls range from 8kbs to 64kbs. Normally, the higher the quality the transmission, the higher the bit rate. For example, at 64kbs you can also transmit with the quality that one might experience on an older style AM radio. At 8kbs, you can understand a voice if the speaker is clear and pronunciates their words clearly. However, it is not likely you could understand somebody speaking quickly or slurring their words slightly.

Real-Time Music, Streaming Audio and Internet Radio

Streaming audio ranges from about 64kbs to 128kbs for higher fidelity.

File Transfer Protocol (FTP)/Microsoft Servicepack Downloads

Updates such as Microsoft service packs use file transfer protocol. Generally, this protocol will use as much bandwidth as it can find. There are several limiting factors for the actual speed an FTP will attain, though.

The speed of your link — If the factors below (2 and 3) do not come into effect, an FTP transfer will take your entire link and crowd out VoIP calls and video.
The speed of the senders server — There is no guarantee that the sending serving is able to deliver data at the speed of your high speed link. Back in the days of dial-up 28.8kbs modems, this was never a factor. But, with some home internet links approaching 10 megabits, don’t be surprised if the sending server cannot keep up. During peak times, the sending server may be processing many requests at one time, and hence, even though it’s coming from a commercial site, it could actually be slower than your home network.
The speed of the local receiving machine — Yes, even the computer you are receiving the file on has an upper limit. If you are on a high speed university network, the line speed of the network can easily exceed your computers ability to take up data.

While every network will ultimately be different, this field guide should provide you with an idea of the bandwidth demands your network will experience. After all, it’s much better to plan ahead rather than risking a bandwidth overload that causes your entire network to come to a hault.

APconnections Marks a New Milestone: Six Years Operating a Virtual Company

June 15, 2009 — netequalizer

Duty Calls

Since 2003, APconnections has utilized innovative technology to stay in near constant contact with our customers, offering unmatched service and accessibility. Through the use of the latest mobile communications advances, we’ve worked to surpass the efficiency and effectiveness of the traditional workplace, benefiting both our customers and staff members alike.

Since we’ve always been dedicated to bringing the latest technological benefits to our customers, be it through our own products or in how we might better serve those who use them, building our company around the concept of a virtual workplace made perfect sense. In the end, it provides for greater accessibility and increased freedom at the same time. We can essentially work from anywhere.

In addition to the customer service benefits, the virtual nature of APconnections has been central to maintaining the competitive prices of our products. Removing the middlemen that have typically been necessary for holding organizations together significantly reduces operating costs, which equates to savings that are passed on to our customers. Furthermore, this also assures that our existing and future customers work only with staff possessing unparalleled expertise in APconnections’ technology. This is both a matter of trust and efficiency. We find that it’s very comforting and appealing for customers to know that if and when they call or e-mail, they’ll be working directly with someone who understands our technology better than anyone else.

Posted in Uncategorized. Leave a Comment »

NetEqualizer Software Update Improves VLAN Shaping, NTOP

June 9, 2009 — netequalizer

Editor’s Note: The following blog entry explains the newest NetEqualizer features available with our most recent software update. While minor bug fixes are often included in these updates, they will not always be detailed.

We recently released our newest NetEqualizer software update, further improving on our existing technology. The following fixes have been implemented from the the previous 2.43k version to the latest 3.32a.

Upgraded internal disk memory caching. This feature remedied an issue with NTOP that was causing disk corruptions on the CF drive.
Subnet masking was modified such that masked traffic will not count against your license level. Prior to this change, a customer with a 10-meg license who ran 100 meg local transfers across their NetEqualizer would experience a license violation. You can now mask that traffic (make it invisible to the NetEqualizer and hence not violate your license).
A bug fix was put in for customers who run asymmetric pools. Bandwidth pools with different upload and download speeds were not working correctly prior to this fix.
VLAN shaping fix. There was an issue on cold restarts.
Support for multi-core CPU
More efficient connection limit processing

This software update is available without charge for NetEqualizer customers with a current NetEqualizer Software Subscription (NSS). For more information on this update, or the NSS, contact us at admin@apconnections.net.

Posted in Updates and New Releases. Tags: bandwidth control, Bandwidth Shaping, Netequalizer, NTOP, subnet, VLAN. Leave a Comment »

Do We Need an Internet User Bill of Rights?

June 4, 2009 — netequalizer

The Computers, Freedom and Privacy conference wraps up today in Washington, D.C., with conference participants having paid significant attention to the on-going debates concerning ISPs, Deep Packet Inspection and net neutrality. Over the past several days, representatives from the various interested parties have made their cases for and against certain measures pertaining to user privacy. As was expected, demands for the protection of user privacy often came into conflict with ISPs’ advertising strategies and their defense of their overall network quality.

At the center of this debate is the issue of transparency and what ISPs are actually telling customers. In many cases, apparent intrusions into user privacy are qualified by what’s stated in the “fine print” of customer contracts. If these contracts notify customers that their Internet activity and personal information may be used for advertising or other purposes, then it can’t really be said that the customer’s privacy has been invaded. But, the question is, how many users actually read their contracts, and furhtermore, how many people actually understand the fine print? It would be interesting to see what percentage of Internet users could define deep packet inspection. Probably not very many.

This situation is reminiscent of many others involving service contracts, but one particular timely example comes to mind — credit cards. Last month, the Senate passed a credit card “bill of rights,” through which consumers would be both better protected and better informed. Of the latter, President Obama stated, “you should not have to worry that when you sign up for a credit card, you’re signing away all your rights. You shouldn’t need a magnifying glass or a law degree to read the fine print that sometimes doesn’t even appear to be written in English.”

Ultimately, the same should be true for any service contracts, but especially if private information is at stake, as is the case with the Internet privacy debate. Therefore, while it’s a step in the right direction to include potential user privacy issues in service contracts, it should not be done only with the intention of preventing potential legal backlash, but rather with the customer’s true understanding of the agreement in mind.

Editor’s Note: APconnections and NetEqualizer have long been a proponent of both transparency and the protection of user privacy, having devoted several years to developing technology that maintains network quality while respecting the privacy of Internet users.

Posted in Uncategorized. Tags: bandwidth control, Bandwidth Management, Bandwidth Shaping, deep packet inspection, dpi, internet service provider, ISP, net neutrality, Netequalizer, Obama, packet shaping, Traffic Shaping. Leave a Comment »

Obama’s Revival of Net Neutrality Revisits An Issue Hardly Forgotten

June 1, 2009 — netequalizer

Last Friday, President Obama reinvigorated (for many people, at least) the debate over net neutrality during a speech from the White House on cybersecurity. The president made it clear that users’ privacy and net neutrality would not be threatened under the guise of cybersecurity measures. President Obama stated:

“Let me also be clear about what we will not do. Our pursuit of cyber-security will not — I repeat, will not include — monitoring private sector networks or Internet traffic. We will preserve and protect the personal privacy and civil liberties that we cherish as Americans. Indeed, I remain firmly committed to net neutrality so we can keep the Internet as it should be — open and free.”

While this is certainly an important issue on the security front, for many ISPs and networks administrators, it didn’t take the president’s comments to put user privacy or net neutrality back in the spotlight. In may cases, ISPs and network administrators constantly must walk the fine line between net neutrality, user privacy, and ultimately the well being of their own networks, something that can be compromised on a number of fronts (security, bandwidth, economics, etc.).

Therefore, despite the president’s on-going commitment to net neturality, the issue will continue to be debated and remain at the forefront of the minds of ISPs, administrators, and many users. Over the past few years, we at NetEqualizer have been working to provide a compromise for these interested parties, ensuring network quality and neutrality while protecting the privacy of users. It will be interesting to see how this debate plays out, and what it will mean for policy, as the philosophy of network neutrality continues to be challenged — both by individuals and network demands.

APconnections Announces 50-Percent-Off Sale of New NetEqualizer-Lite

May 26, 2009 — netequalizer

Beginning May 26, all customers purchasing a full size NetEqualizer 2000/3000 model will qualify for a 50-percent discount on the NetEqualizer-Lite. In addition, the offer will be extended to all existing NetEqualizer users who will also be entitled to the 50-percent discount on their first NetEqualizer-Lite purchase. This offer is valid until June 30, 2009. Limit two per customer.

As well as offering users the same services available through previously released NetEqualizer models, the NetEqualizer-Lite is Power-over-Ethernet (PoE), handling up to 10 megabits of traffic and 200 users. Furthermore, the NetEqualizer-Lite also serves to solve hidden node issues without customers having to change their existing access points.*

Although the core technology behind the NetEqualizer has not changed, with the latest release price point, many ISPs and businesses are deploying the NetEqualizer-Lite closer to end users, often directly behind congested access points.

After just over a month in the field, NetEqualizer-Lite users are reporting they can now easily increase Internet subscribers by 30 to 50 percent at once congested towers and AP sites. For example, a customer with an 802.11b radio now has 100 subscribers on his network and is still running smoothly. In the past, this customer’s norm for saturation stood at roughly 20 users, but he is now enjoying a 500-percent increase after installing the NetEqualizer-Lite. This is translating into both higher revenues and a more satisfied customer base.

The NetEqualizer-Lite lists at $1499. In addition to the 50-percent discount, we are also currently offering volume discounts. Pricing information on all other NetEqualizer models is available online at http://www.netequalizer.com. For more information, please contact APconnections at 1-800-918-2763 or admin@apconnections.net.

*Hidden nodes are a problem frequently encountered by commercial wireless operators that has previously been solved using APconnections’ AirEqualizer technology. The NetEqualizer-Lite’s capability to offer similar solutions is simply one of the multiple benefits of the technology for administrators of networks of many different types and sizes.

Posted in News, Updates and New Releases. Tags: bandwidth control, Bandwidth Management, bandwidth shaper, Bandwidth Shaping, bittorrent, information technology, internet congestion, ISP, IT, Netequalizer, network congestion, p2p, Packeteer, Traffic Shaping, WISP. Leave a Comment »

New Asymmetric Shaping Option Augments NetEqualizer-Lite

May 21, 2009 — netequalizer

We currently have a new release in beta testing that allows for equalizing on an asymmetric link. As is the case with all of our equalizing products, this release will allow users to more efficiently utilize their bandwidth, thus optimizing network performance. This will be especially ideal for users of our recently released NetEqualizer-Lite.

Many wireless access points have a limit on the total amount of bandwidth they can transmit in both directions. This is because only one direction can be talking at a time. Unlike wired networks, where a 10-meg link typically means you can have 10 megs UP and 10 megs going the other direction simultaneously, in a wireless network you can only have 10 megabits total at any one time. So, if you had 7 megabits coming in, you could only have 3 megabits going out. These limits are a hard saturation point.

In the past, it was necessary to create separate settings for both the up and down stream. With the new NetEqualizer release, you can simply tell the NetEqualizer that you have an asymmetric 10-megabit link, and congestion control will automatically kick in for both streams, alleviating bottlenecks more efficiently and keeping your network running smoothly.

For more information on APconnections’ equalizing technology, click here.

Posted in Updates and New Releases. Tags: application shaping, bandwidth, bandwidth control, Bandwidth Management, Bandwidth Shaping, bittorrent, internet, internet congestion, Internet optimization, Netequalizer, network congestion, packet shaping, QoS, Traffic Shaping. Leave a Comment »

NetEqualizer-Lite Revolutionizing WISP Performance

May 21, 2009 — netequalizer

After just over a month in the field, NetEqualizer-Lite users are reporting they can now easily increase Internet subscribers by 30 to 50 percent at once congested towers and access point (AP) sites. For example, a customer with an 802.11 B radio now has 100 subscribers on his network and is still running smoothly. In the past, this customer’s norm for saturation stood at roughly 20 users, but he is now enjoying a 500-percent increase after installing the NetEqualizer-Lite. This is translating into both higher revenues and a more satisfied customer base.

Although the core technology behind the NetEqualizer has not changed, with the latest release price point, many users are deploying the NetEqualizer-Lite closer to customers or just behind their congested wireless access points. Customer satisfaction with the new release has been consistent across the board, with users voicing their reviews to us directly as well as online. One user on DSLReports.com commented:

“The Netequalizer has resulted in dramatically improved service to our customers….Bottom line to this is that we can deliver significantly more data through the same AP. The customers hitting web pages, checking e-mail, etc. virtually always see full bandwidth, and the hogs don’t impact these customers. Even the hogs see better performance” (dslreports.com).

In addition to offering users the same services available through previously released NetEqualizer models, the NetEqualizer-Lite is Power-over-Ethernet (PoE), handling up to 10 megabits of traffic and 200 users. Furthermore, the NetEqualizer-Lite also serves to solve hidden node issues without customers having to change their existing APs.*

The NetEqualizer-Lite lists at $1499, but we are currently offering volume discounts. Please contact us for more information at 1-800-918-2763 or admin@apconnections.net.

Posted in News, Updates and New Releases. Tags: bandwidth control, Bandwidth Management, Bandwidth Shaping, bittorrent, internet, internet congestion, Netequalizer, network congestion, p2p, t1, Traffic Shaping. Leave a Comment »

What to Consider When Deploying Your Network Access Control

May 15, 2009 — netequalizer

The decision to deploy a network access control or Network Management system may seem simple at first, but many questions remain beyond realizing that initial need. There are a number of factors you should consider when determining what type of NAC is right for you and how it might be deployed, as some tradeoffs exist that will affect your business model depending on what you are trying to accomplish. The following tips, although technical in nature, break down the trade offs with easy to understand explanations.

1) Identifying your users as fixed or mobile – With fixed users, apartment buildings and offices can usually rely on what is called a MAC address to identify which users have access to the network. The MAC address is the unique address that comes with every networking card and wireless card on a computer.

However, the downside of using MAC address authentication is that many users like to be able to change computers or allow guests to login from their own machines. The only practical way for an ISP to deploy a MAC authentication system is when the ISP is able to install customer premise equipment such as a cable modem. The modem and its MAC address act as a gateway to the apartment or office and can be authenticated or shut off if a customer does not pay their bill.

Furthermore, many installations need to be more dynamic since people like to take their laptops out of their office or apartment and into a common area. The same is true for hotels and similar environments. Although every user on your network has an IP address, they are not unique to that user and can easily be spoofed. So, this essentially leaves you with only one option: Login-based authentication.

2) Login-based authentication – Login-based authentication lasts for the duration of the session when a user is logged in. It is controlled by username and password and the user is given a temporary IP address for their session, making it unlikely, but not impossible, that a hacker can steal the session.

Yet, there are some things that must be considered with a login based user session. Here are a few other key considerations when using a login-based authentication.

3) Automatic log out? – You can’t expect users to always log out or tell you when they are finished accessing the network, so you must log them out after a period of inactivity. This is especially true when users are paying for a limited amount of access time or when a user may be utilizing multiple computers. The easiest way to do this is to program the NAC to log users out after a set amount of time of inactivity.

4) How to bill – You must decide if a user account gets billed by the calendar regardless of whether they use it, or simply by login time. If you’re likely to have a steady stream multiple users who will want to log on for short amounts of time – like in an airport or coffee shop – it may make more sense to charge by the hour rather than by the month.

5) Do you want to offer different levels of service? – Many providers offer users a few different options with varying speeds. So, for example, you may want to tier your service with bronze, gold, and platinum levels, with users paying more in order to get faster speeds. This allows users who may just want to check their e-mail to do so at a lower cost than the users who are looking to stream videos or update their podcasts.

6) Can an account have more than one simultaneous login? – For example, you could sell access under a single account to a group of people for a sales meeting or convention, which would allow multiple users to access the Internet at the same time from their individual computers. Supply and demand really come into play here, so you need to make sure to allocate enough bandwidth for the multiple users, but also not run the risk of impacting others on your network.

7) Making the most of your space – You may also want to sell marketing space on your login page, which you are able to customize. Say, if you’re a hotel, I’m sure the local pizza place would love to place an ad – especially if they take orders online. This gives you the option of supplementing your existing income from network subscribers with a steady stream of advertising revenue.

8) How much support do you provide? – Do you have a support center available to give refunds for people who miss a charge or can’t get service after purchasing? The ease with which this can be done often depends on the setup that you’re running. For example, in a hotel, support can simply be provided at the front desk. This is a decision that will obviously also be based on your past experience with your network access controller. If problems don’t usually come up, then having around-the-clock support most likely won’t be necessary.

9) Easy instant billing? – Again, this will likely depend on your individual setup and what your customers will want. If you wish to use credit card processing on the fly for a login, you’ll need a merchant account with a bank that supports online authentication. The vendor who you purchase your system from will also need to know how to work with this account. But, if you’re just providing access to groups that have planned ahead of time, the instant online billing probably isn’t needed.

While you’re likely to come across additional questions once you’ve got your network access controller in place, these considerations simply illustrate a sampling of what issues you may want to take into account. As mentioned throughout, in most cases, a final decision will ultimately depend on how and why your NAC is being used. Of course, for many, this may change on a regular basis. Therefore, you don’t necessarily need to have exact plans set in stone before implementing your NAC, but rather simply choose an option that will allow some flexibility. What’s important is that you remain in control.

Posted in Uncategorized. Tags: control internet access, Internet Access, ISP, login authentication, mac authentication, mac redirection, network access, Network Access Control, network gateway, network login, network management system. Leave a Comment »

Top Six Fear-Driven Network Equipment Purchases

May 11, 2009 — netequalizer

Fear is one of our most primal survival instincts. But, as such, sales people around the world have made a business out of selling their products on fear and making them out to be a necessity for survival. Below, we will highlight some of the current and historical fear-based triggers used to push oftentimes unneeded items with respect to the networking industry.

1) CALEA compliance — A little over a year ago, we were besieged by frantic inquiries from many of our ISP customers about the need to do something for the new CALEA laws. Basically, these are laws that require data carriers to provide access to law enforcement agencies upon receipt of a judge’s order.

We spent the next few months researching what the intent of the CALEA laws were, and what that meant to our customers. Yes, CALEA is a real law with teeth, but it was intended to help law enforcement agencies track criminals using data networks, not force ISPs into bankruptcy.

There are some low cost options available to operators wanting to conform, so before you break the bank, do some research. But, also be aware, as somewhere along the line CALEA became the Next Y2k fear-driven windfall for unscrupulous networking sales reps. Familiarize yourself with what you need and then find a product that works for you. While we were more than happy to help users of our products comply, we felt than an informed customer was more important that one that was simply panicked and afraid. More info on the NetEqualizer approach to CALEA compliance.

2) Secure credit card transmission over the Internet — In short, credit information becomes the most unsecured once it reaches a corporate database. A hacker or employee with bad intentions is many times more likely to lift credit card information from a fixed database rather than in transit over the Internet. Therefore, the paranoia that abounds over submitting a credit card to Web a site for fear of transmission piracy is way out of proportion to the actual risk.

Consumers will gladly hand their credit card off to a random strangers behind the cash register at a brick and mortar establishment, but for some reason, submitting your credit card to a Web site creates an unacceptable risk for many. This fear has given rise to a cottage industry around secure Internet transmission. The bottom line is that stealing a credit card in transit over the Internet would take extreme patience and inside help from a carrier. To top it off, the credit card issuers have mastered the art of shutting off your card at the first sign of any anomaly (at great inconvenience to their customers in many cases, but worth it in a true emergency). However despite the relative lack of risk, there is a significant amount of money and technology spent on securing merchant sites.

3) Y2k – This is an old one, and yes, there were some critical systems out there that might have suffered. My firsthand personal experience from that time was just a wake-up call. My employer had me doing Y2k upgrades to our product line and the scare pushed our sales to their biggest year ever. However, within 3 years revenue had dropped 65 percent. Perhaps we should have been doing real product improvements?

4) Virus protection for your laptop – Yes, viruses are real and they attack all the time, but I simply just save off my critical files daily and re-load my windows box when I get a virus. I prefer this method over being a slave to a Norton pop-up box. You can also convert to MAC or Linux desktop, which seem to carry some form of natural immunity. New York Times writer Paul Boutin agrees in this recent article.

5) Lack of technology for our schools — Yes, there is some level of computer literacy required in the work force today, however, with the billions (trillions?) spent by schools today, you’d think there might be some increase in standardized test scores. I’d much rather see the money spent on increasing teacher salaries and smaller class sizes, even if it meant learning to calculate on an abacus. Training the mind to think and reason critically is a skill for life that transcends technology and requires encouragement and challenge from teachers.

6) Uninterruptable Power Supply (UPS) — I almost gagged when I read the blurb below from a UPS sales VP from a trade rag. Originally, I was thinking of including UPS power supplies on my list, but I had no evidence that they were being miss represented. And, yes, in many situations a good UPS will save your computer and computer center from crashing, so please understand they are important pieces of equipment for a data center. But, the context below confirmed my suspicion. The lead touts ways to speed up network performance, essentially implying that if your network is slow, you need UPS servers to correct it!

Are their desktops locking up every time someone runs the microwave oven? “If VARs aren’t selling UPSs [uninterruptible power supplies] with each new server or desktop, they are doing their customers an injustice, and they may be leaving money on the table,” says ….. name and company omitted.

This quote and full article is written to infer that your desktop computer and network may run “slow” because of a lack of power. The fact is, your computer will crash hard if power drops below a fixed tolerance. It is not an electric motor that winds down slowly. It is either on or off. A UPS prevents crashes due to lack of power, but it will not make your network faster or more efficient.

The point of this article isn’t to completely discount the six issues discussed above, but rather to provide some context. In many cases, fear is based on a lack of knowledge and understanding. Therefore, the problems mentioned here may not necessarily be best solved with one tech product or another, but instead could be remedied by a little bit of research. As a consumer, doing your homework goes a long way.

Posted in Uncategorized. Tags: calea, fear sells, fear sells technology, lack of technology fear, Netequalizer, network equipment, network equipment purchase, slow network, technology and fear, ups, using fear to sell technology, virus fear. Leave a Comment »

NetEqualizer-Lite Is Now Available!

May 11, 2009 — netequalizer

Last month, we introduced our newest release, a Power-over-Ethernet NetEqualizer. Since then, with your help, we’ve titled the new release the NetEqualizer-Lite and are already getting positive feedback from users. Here’s a little background about what led us to release the NetEqualizer-Lite…Over the years, we’d had several customers express interest in placing a NetEqualizer as close as possible to their towers in order to relieve congestion. However, in many cases, this would require both a weatherproof and low-power NetEqualizer unit – two features that were not available up to this point. However, in the midst of a growing demand for this type of technology, we spent the last few months working to meet this need and thus developed the NetEqualizer-Lite.

Here’s what you can expect from the NetEqualizer-Lite:

Power over Ethernet
Up to 10 megabits of shaping
Up to 200 users
Comes complete with all standard NetEqualizer features

And, early feedback on the new release has been positive. Here’s what one user recently posted on DSLReports.com:

We’ve ordered 4 of these and deployed 2 so far. They work exactly like the 1U rackmount NE2000 that we have in our NOC, only the form factor is much smaller (about 6×6x1) and they use POE or a DC power supply. I amp clamped one of the units, and it draws about 7 watts….The Netequalizer has resulted in dramatically improved service to our customers. Most of the time, our customers are seeing their full bandwidth. The only time they don’t see it now is when they’re downloading big files. And, when they don’t see full performance, its only for the brief period that the AP is approaching saturation. The available bandwidth is re-evaulated every 2 seconds, so the throttling periods are often brief. Bottom line to this is that we can deliver significantly more data through the same AP. The customers hitting web pages, checking e-mail, etc. virtually always see full bandwidth, and the hogs don’t impact these customers. Even the hogs see better performance (although that wasn’t one of my priorities). (DSLReports.com)

Pricing for the new model will be $1,200 for existing NetEqualizer users and $1,550 for non-customers purchasing their first unit. However, the price for subsequent units will be $1,200 for users and nonusers alike.

For more information about the new release, contact us at admin@apconnections.net or 1-800-918-2763.

Posted in Updates and New Releases. Tags: bandwidth control, Bandwidth Management, bandwidth shaper, Bandwidth Shaping, internet congestion, Internet optimization, Netequalizer, network congestion, p2p, packet shaping, QoS, t1, WISP. 1 Comment »

« Older posts

NetEqualizer News Blog

Pages

Top Posts

Recent Posts

Deep Packet Inspection Abuse In Iran Raises Questions About DPI Worldwide

Google Questions Popular Bandwidth Shaping Myth

What NetEqualizer Users Are Saying (Updated June 2009)

What Is Deep Packet Inspection and Why the Controversy?

Exactly what is Deep Packet Inspection?

Why do some Internet Providers use Deep Packet Inspection devices?

When is it appropriate to use Deep Packet Inspection?

What is all the fuss about?

NetEqualizer Field Guide to Network Capacity Planning

E-mail

Gaming/World of Warcraft

Citrix

YouTube Video — Standard Video

YouTube — HD Video

Skype/VoIP Calls

Real-Time Music, Streaming Audio and Internet Radio

File Transfer Protocol (FTP)/Microsoft Servicepack Downloads

APconnections Marks a New Milestone: Six Years Operating a Virtual Company

NetEqualizer Software Update Improves VLAN Shaping, NTOP

Do We Need an Internet User Bill of Rights?

Obama’s Revival of Net Neutrality Revisits An Issue Hardly Forgotten

APconnections Announces 50-Percent-Off Sale of New NetEqualizer-Lite

New Asymmetric Shaping Option Augments NetEqualizer-Lite

NetEqualizer-Lite Revolutionizing WISP Performance

Top Six Fear-Driven Network Equipment Purchases

NetEqualizer-Lite Is Now Available!

Links